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DETAILED ACTION 

1 . This action is issued in response to applicants after final filed April 20, 2009. 

2. Claims 1-4, 6-24 and 26-56 are presented. No claim added and claims 5, 16-18, 
25, and 36-55 are cancelled. 

3. Claims 1-4, 6-15, 19-24, 26-35, and 56 are pending. 

4. Applicant's arguments, filed 04/20/09, with respect to the improper finality of the 
rejection of the claims within the previous office action have been fully considered and 
are persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1,6-11,15,22,26-31,35, and 56 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Valois (US Patent Application No. 20040260818) filed 
June 23, 2003, in view of Delany (US Patent Application No. 20020156879) filed 
November 30, 2001, further in view of Lucovsky (US Patent No. 7,284,271) filed 
October 22, 2001. 
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Regarding Claims 1, 22, and 56, Valois discloses a method for controlling 
access to a resource of a device, the method comprising: 

storing, within a device, authorization data that defines: (i) an access 
control attribute ([0058], lines 4-10, Valois)\ and (ii) an associated regular 
expression specifying a textual pattern ([0057], lines 4-9, Valois). However, 
Valois is not as detailed with respect to at least one class of clients that access 
the device and coarse-grain access control rights for members of the class to 
configuration data for a resource provided by the device. On the other hand, 
Delany discloses at least one class of clients that access the device ([01 12], 
Delany) and coarse-grain access control rights for members of the class to 
configuration data for a resource provided by the device ([01 18], Delany). Valois 
and Delany are analogous art because they are from the same field of endeavor 
of relating to a system that provides authorization compliance validation with a 
security policy. It would have been obvious to one of ordinary skill in the art at the 
time of the invention to incorporate Delany's teachings into the Valois system. A 
skilled artisan would have been motivated to combine in order to achieve the 
level of detail at which the data would have been considered. As a result, coarse- 
grain access provides higher performance through more optimized protocols and 
the data tends to work on contiguous regions at a time. However, the 
combination of Valois in view of Delany, are not as detailed with fine-grain 
access control rights for the members of the class to only a portion of the 
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configuration data for the resource provided by the device. On the other hand, 
Lucovsky discloses fine-grain access control rights for the members of the class 
to only a portion of the configuration data for the resource provided by the device 
(col .2, lines 41-55, Lucovsky). It would have been obvious to one of ordinary skill 
in the art at the time of the invention to incorporate Lucovsky's teachings into the 
Valois and Delany system. A skilled artisan would have been motivated to 
combine in order to provide a system for granting appropriate access privileges 
based on authentication credentials. Therefore, the combination of Valois in view 
of Delany, and further in view of Lucovsky, disclose receiving, with the device, a 
command from a client, wherein the command requests access to configuration 
data for the resource of the device ([0159] and [0165], Delany); identifying the 
class of which the client is a member ([0166], Delany); retrieving, from the 
authorization data, both the access control attribute and the regular expression 
for the identified class of which the client is a member ([0088], Valois); evaluating 
the command using the retrieved regular expression to determine whether the 
command matches the textual pattern specified by the retrieved regular 
expression ([01 18], lines 19-26, Delany); and controlling access to the portion of 
the configuration data requested by the client based on both: (i) the coarse-grain 
access control rights to the configuration data of the resource specified by the 
access control attribute for the identified class of which the client is a member. 



^ Examiner Notes: Authorization data corresponds to "references" and the definition is an attribute that is 
part of the Access Control List (ACL). 
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and (ii) the evaluation of the regular expression for that class ([0159], lines 1-10, 
Delany). 

Regarding Claims 6 and 26, the combination of Valois in view of Delany, 
further in view of Lucovsky, disclose a method wherein the coarse-grain access 

control attribute comprises a set of permission bits, and each of the permission 
bits is associated with a respective group of the resources ([0161], lines 3-5, 
Delany). 

Regarding Claims 7 and 27, the combination of Valois in view of Delany, 
further in view of Lucovsky, disclose a method further comprising receiving the 
command from the client via a command line interface ([0199], lines 2-1 1 , 
Delany)^ 

Regarding Claims 8 and 28, the combination of Valois in view of Delany, 
further in view of Lucovsky, disclose a method wherein evaluating the command 

comprises evaluating the command in real-time ([0383], lines 9-14, Delany) while 
the client inputs the command via the command line interface ([0199], lines 2-1 1 , 
Delany). 



^ Examiner Notes: Receiving the command from a client corresponds to "a user can request..." and the 
interface corresponds to "GUI". 
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Regarding Claims 9 and 29, the combination of Valois in view of Delany, 
further in view of Lucovsky, disclose a method wherein the configuration data is 
arranged in the form of a multi-level configuration hierarchy having a plurality of 
objects (Fig. 5, [0142], lines 1-2, Delany), and each of the objects represents a 
portion of the configuration data that relates to one or more resources of the 
device ([0142], lines 2-5, Delany). 

Regarding Claims 10 and 30, the combination of Valois in view of Delany, 
further in view of Lucovsky, disclose a method wherein the objects have 
respective textual labels ([0143], lines 1-4, Delany) and the regular expression 
defines the textual pattern to match the textual labels ([0057], lines 4-9, Valois) of 
a set of one or more of the objects within the configuration hierarchy (Fig.5, 
Delany). 

Regarding Claims 1 1 and 31 , the combination of Valois in view of Delany, 
further in view of Lucovsky, disclose a method wherein evaluating the command 
comprises applying the regular expression to the command ([0099], lines 1-7, 
Valois) to determine whether the command specifies any of the objects within the 
set ([0142], lines 2-5, Delany). 
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Regarding Claims 15 and 35, the combination of Valois in view of Delany, 
further in view of Lucovsky, disclose a method wherein controlling access 
comprises controlling access to configuration data of a router ([0053], lines 6-10, 
Valois). 

7. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Valois (US Patent Application No. 20040260818) filed June 23, 2003, in view of 
Delany (US Patent Application No. 20020156879) filed November 30, 2001, further 
in view of Lucovsky (US Patent No. 7,284,271) filed October 22, 2001, and further 
in view of Mitra (US Patent No. 6,973,460) filed November 26, 2002. 

Regarding Claim 4, the combination of Valois in view of Delany, further in 
view of Lucovsky, disclose a method for storing authorization data ([0058], lines 
4-10, Valois). However, Valois, Delany, and Lucovsky do not explicitly disclose 
storing the authorization data as a class that conforms to a class syntax. On the 
other hand, Mitra discloses storing the authorization data as a class that 
conforms to a class syntax (column 8, lines 7-18, Mitra). It would have been 
obvious to one of ordinary skill in the art at the time of the invention to 
incorporate Mitra's teaching into the Valois, Delany, and Lucovsky system. A 
skilled artisan would have been motivated to combine the two references as 
suggested by Mitra (column 7, lines 48-52), in order for the classes to be 
annotated such that, at run-time, useful information about how the data is 
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organized for eacli of tlie various ways of storing tlie data (i.e. configuration) may 
be extracted from tine annotations. As a result, tliis allows for various services to 
perform operations in accordance with the information. 

8. Claims 12-14,19-21, and 32-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Valols (US Patent Publication No. 2004/0260818) June 23, 2003, 
in view of Delany (US Patent Publication No. 2002/0156879) filed November 30, 
2001, further in view of Lucovsky (US Patent No. 7,284,271) filed October 22, 2001, 
and further in view of Nelson (US Patent No. 6,243,713) filed August 24, 1998. 

Regarding Claims 12 and 32, the combination of Valols in view of Delany, 
further in view of Lucovsky, disclose a method further comprising to automatically 
insert one or more meta-characters into the regular expression ([0451-0453], 
lines 1-7, Delany) based on the hierarchical arrangement of the configuration 
data (Fig. 5, Delany). However, Valols in view of Delany, further in view of 
Lucovsky, does not explicitly disclose pre-processing the regular expression. On 
the other hand. Nelson discloses pre-processing the regular expression (column 
10, lines 39-50, Nelson). It would have been obvious to one of ordinary skill in the 
art at the time of the invention to incorporate Nelson's teachings into the Valois in 
view of Delany, further in view of Lucovsky, system. A skilled artisan would have 
been motivated to combine the two references as suggested by Nelson (column 
9, lines 60-65), in order to convert component data into a list of distinctive objects 
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that represent the original data of the component, this is understood to perform 
data reduction. Pre-processing remove any non-essential information that does 
not substantially add to the quality of the system. As a result, pre-processing 
saves the system time and space for capacity. 

Regarding Claims 13 and 33, the combination of Valois in view of Delany, 
further in view of Lucovsky, and further in view of Nelson, discloses a method 
further comprising: 

pre-processing the regular expression (column 10, lines 39-50, Nelson) so 

that the command is evaluated with the regular expression in real-time ([0383], 
lines 9-14, Delany) as the client enters the command ([0199], lines 2-1 1 , Delany). 

Regarding Claims 14 and 34, the combination of Valois in view of Delany, 
further in view of Lucovsky, and further in view of Nelson, discloses a method 
wherein evaluating the command comprises evaluating the command with the 
pre-processed regular expression each time the client enters a token indicating a 
textual break within the command (column 17, lines 35-40, Nelson). 

Regarding Claim 19, the combination of Valois in view of Delany, further in 
view of Lucovsky, and further in view of Nelson, discloses a method comprising: 
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receiving input defining at least one class of clients that access the device 
([01 1 2], Delany), wherein the input defines for each class of clients an access 
control attribute ([0058], lines 4-10, Valois) and an associated regular expression 
that specifies a textual pattern ([0057], lines 4-9, Valois); 

pre-processing the regular expression (column 10, lines 39-50, Nelson) for 
each class of clients to automatically insert one or more meta-characters into the 
regular expression ([0451-0453], lines 1-7, Delany); 

receiving an access request from a client ([01 13], Delany); 

identifying the class of which the client is a member ([0166], Delany); 

retrieving the access control attribute and the regular expression for the 
identified class of which the client is a member ([0088], Valois); 

evaluating a command in real-time using the regular expression ([0383], 
lines 9-14, Delany) for the identified class of which the client is a member as the 
client enters the command via a command line interface ([0199], lines 2-1 1 , 
Delany); and 

controlling access to configuration data of a device based on the 
evaluation ([0066], lines 1-9, Valois). 

Regarding Claim 20, the combination of Valois in view of Delany, further in 
view of Lucovsky, and further in view of Nelson, discloses a method further 
comprising storing the configuration data in the form of a multi-level configuration 
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hierarchy having a plurality of objects (Fig. 5, [0142], lines 1-2, Delany), wherein 
pre-processing the regular expression comprises automatically inserting one or 
more meta-characters into the regular expression ([0451-0453], lines 1-7, 
Delany) based on the hierarchical arrangement of the configuration data (Fig.5, 
Delany). 

Regarding Claim 21 , the combination of Valois in view of Delany, further in 
view of Lucovsky, and further in view of Nelson, discloses a method wherein the 
regular expression defines a textual pattern that identifies one or more of the 
objects within the configuration hierarchy, and evaluating the command 
comprises: 

applying the regular expression in real-time ([0383], lines 9-14, Delany) to 
determine whether a portion of the command that has been entered by the client 
matches the textual pattern ([0064], lines 1-5,Valois); and 

selectively allowing the client to complete the command based on the 
determination ([0199], lines 2-11, Delany). 
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Allowable Subject Matter 

1 1 . Claims 2, 3, 23, and 24 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

The following is a statement of reasons for the indication of allowable subject 
matter: allowing access to the configuration data when the access control attribute 
denies access to the resource and the textual pattern of the regular expression matches 
the command; and denying access to the configuration data when the access control 
attribute grants access to the resource and the textual pattern of the regular expression 
matches the command. 

Response to Arguments 

Applicant's arguments with respect to the newly amended claims have been 
considered but are moot in view of the new ground(s) of rejection. 

Points of Contact 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CHELCIE DAYE whose telephone number is (571) 272- 
3891 . The examiner can normally be reached on M-F, 7:00 - 4:30. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Apu Mofiz can be reached on 571-272-4080. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 

Patent Application Information Retrieval (PAIR) system. Status information for 

published applications may be obtained from either Private PAIR or Public PAIR. 

Status information for unpublished applications is available through Private PAIR only. 

For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

you have questions on access to the Private PAIR system, contact the Electronic 

Business Center (EBC) at 866-217-9197 (toll-free). 

Chelcie Daye 
Patent Examiner 
Technology Center 2100 
April 30, 2009 



/Apu M Mofiz/ 

Supervisory Patent Examiner, Art Unit 2161 



